CentOS iptables firewall: adding an IP whitelist so that only specified IPs can reach a port
vi /etc/sysconfig/iptables
The example below is the firewall of my own virtual machine (CentOS 7):
```
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-N whitelist
# add an IP address to the whitelist
-A whitelist -s xx.xx.xx.xx/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# jump to the whitelist chain: port 22 is only reachable from whitelisted IPs
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j whitelist
# no whitelist jump: reachable from the Internet
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
```
Save with :wq and restart the firewall for the change to take effect. Note that iptables-restore only honours comments on their own lines beginning with `#`, not trailing text after a rule. A new connection to port 22 from an address that is not in the whitelist chain matches nothing there, returns to INPUT, and is caught by the final REJECT rule; whitelisted addresses are accepted inside the chain.
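To audit a rules file of this shape before loading it, the following added example (not from the original post) parses the iptables-restore format and reports which INPUT ports are open to everyone, which are gated behind the whitelist chain, and whether an unmatched packet still falls through to REJECT; `RULES` is a constructed copy of the post's configuration with a documentation address in place of xx.xx.xx.xx.

```python
"""Audit an iptables-restore style file (/etc/sysconfig/iptables): which
INPUT TCP ports are world-open, which are gated by 'whitelist', and whether
a non-whitelisted packet still ends in REJECT/DROP.  Added example."""
import shlex

# Constructed sample: the post's rules with 203.0.113.10 as the whitelisted IP.
RULES = """\
*filter
:INPUT ACCEPT [0:0]
-N whitelist
-A whitelist -s 203.0.113.10/32 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j whitelist
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""

def _opt(argv, flag):
    """Value following `flag` in a tokenised rule, or None if absent."""
    return argv[argv.index(flag) + 1] if flag in argv else None

def parse_rules(text):
    """Return (whitelist_sources, input_ports, last_input_target);
    input_ports maps a TCP --dport in INPUT to the target it jumps to."""
    sources, ports, last_target = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#*:" or line == "COMMIT":
            continue                      # comments, table and chain headers
        argv = shlex.split(line)
        if argv[0] != "-A":
            continue                      # -N etc. carry no match to audit
        chain, target = argv[1], _opt(argv, "-j")
        if chain == "whitelist" and target == "ACCEPT":
            sources.append(_opt(argv, "-s"))
        elif chain == "INPUT":
            last_target = target
            if _opt(argv, "--dport"):
                ports[int(_opt(argv, "--dport"))] = target
    return sources, ports, last_target

def open_to_world(text):
    """Ports whose INPUT rule goes straight to ACCEPT (no whitelist gate)."""
    return sorted(p for p, t in parse_rules(text)[1].items() if t == "ACCEPT")

def gated_by_whitelist(text):
    """Ports only whitelisted sources may reach."""
    return sorted(p for p, t in parse_rules(text)[1].items() if t == "whitelist")

def input_ends_in_deny(text):
    """True if a packet falling out of 'whitelist' unmatched (the chain has no
    terminal rule, so it returns to INPUT) hits a final REJECT/DROP."""
    return parse_rules(text)[2] in ("REJECT", "DROP")
```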
Source: http://www.bubuko.com/infodetail-2781510.html